EU chat control law will ban open source operating systems (mullvad.net)
263 points by Semaphor on Feb 1, 2023 | 197 comments



I am the first person to appreciate the pro-online-privacy legislation from the EU in the last couple of years.

Yet... How can the same organization be behind this? Is it a result of the sheer size of the org, with malevolent people rearing their ugly heads? A more cynical "privacy legislation as a smoke screen with totalitarian measures in the backend"?


The effectiveness of EU machinery is overrated. EU is a large organization with lots and lots of money. The people who go there are largely unaccountable to their countries, and are likely to do things that are popular, and they like to show off their work. There are no repercussions for the decisions taken though, because the only elected positions (the parliament) are far removed from legislating and limited to just approving what other people promote.

In the case of privacy laws, they sometimes don't even follow their own laws. E.g. as participants in an H2020-funded project, we were asked to add google-analytics to our website, because for EU officers, social proof is very important. We still have it btw, even though it's likely illegal. The privacy laws were enacted because some groups (led by German Greens) were pushy about them -- there was very little push from the populace to enact such a Kafkaesque system, and I am sure that, if the populace were asked, the police and other authorities would not have been exempt from all these laws.

I think it's popular in American (left) media to deify the EU as some kind of wise leader, while it's just as susceptible to corporate lobbying (and bribes, as shown recently) as any other government. This depiction of sainthood has not helped the EU evolve to fix its own problems.

Recently in a podcast I heard Eric Schmidt admit that they were successfully pushing back against privacy regulation for at least 7 years.


It troubles me deeply that we in America often cannot make an argument about advocating something without using EU as a crutch. Both left and right wings of the political sphere. Examples:

Ok: We shouldn’t allow abortion beyond trimester.

Better: We shouldn’t allow abortion beyond trimester, that’s how it works in most EU countries.

Ok: Vaccine mandates are not cool.

Better: Vaccine mandates are not cool, just look at Sweden.

Ok: Voting should require IDs.

Better: Voting should require IDs, just look at EU.

My country has a deep malaise of insecurity and inability to rationally think for itself. We were leading our ideas with basis of good arguments in 1950-1980s, then came all the things we want to idealize about EU.

Nothing against EU, they should be promoting independent thought and not copy Americans either. Please don’t make arguments about what specific examples I gave. They may not be accurate but there are many more like this. The point to argue is not about vaccines or whatever, it’s about independent thought and policy.


I don't think that's just America. I think everyone in the world and throughout history uses foreign countries as a stand-in to make an argument.

I remember reading an article about some Roman writer - Tacitus? I don't remember who - who was describing the German tribes. The article though questioned just how much we could really learn about those people from the Roman writer because it seemed like they were just using the Germans as - like you say - a crutch to make an argument about how Romans should be.

The Germans respect their parents. They serve in the military. They're brave and loyal. They're not merchants - etc. etc.

And heck, it's an effective argument - this isn't just what I think, look with your own eyes at those people who aren't us that do this thing so well. Sometimes it's even true. :-)


You’re right. Let’s be better, especially people that are enamored irrationally with the EU (or country X's policies) without arguing the underlying rationale and objectivity.


>Yet...How can the same organization be behind this?

Very easy. The organisation is huge and composed from 100000s of people working on different goals. They don't have any supervision, no democratic vote and if they decided they want to grow 400% in one year, they simply could and would, because no one feels like EU is "their government" they could easily protest against. If they want to create EU-Online-Child-Safety-Agency, they would just take our tax money and create it. What could you do against it? Shitpost online that you don't like it? It's too big and broad to control by citizens.


I'm afraid all of this comment is essentially nonsense. For starters, the EU system (including the Commission, all the various agencies across the Union, all courts, etc.) employs around 60,000 people.

The government of Sweden alone employs more people for a population of only 10M. The EU is in fact fairly lean given its scope and the number of languages. National governments are responsible for implementing almost everything agreed by the Union members.


Also, they can not grow by 400%. There are rules in place that limit the budget and the maximum change per budget chapter that can be executed at once. These rules are made and by member countries.

BTW, EU budget was available in XML format for a while. Easy to parse. The first years they did not publish it, a FOI request would get you an electronic copy rather quickly.

IIRC, there was little interest in the machine-readable budget because the published version does not go too far into the details of budget lines and one has to have specialized knowledge to read it.

Still, one could make some interesting conclusions, e.g. that the Ombudsman had much higher HR budget per head than the rest of the pack, the Commission included.

This created internal tensions, but no substantial change in the follow-up.

It's a pity there is so little interest in EU Budget that they can just stop publishing machine-readable copy and get away with it.


The EU budget in theory is funded by money allocated by member states and can't go beyond that level. This is fixed law by treaty, Article 310:

    "The revenue and expenditure shown in the budget shall be in balance."

But nothing about EU treaties means anything in practice. This article holds back the EU's power and they can't be having that, so what actually happens is ...

https://ec.europa.eu/commission/presscorner/detail/en/ip_22_...

    "First half of 2023: Commission to issue up to €80 billion to finance economic recovery and support for Ukraine"

The money isn't even being spent on EU member states! Raising money via debt this way is illegal but the EU is not a system of laws, it's a system that does whatever it can get away with politically. That's why it's dangerous: it is a dictatorship that's rapidly growing in power, and it's on track to completely destroy European democracy.

An analysis of the treaty problem is here:

https://reconnect-europe.eu/blog/new-generation-eu-a-constit...

It's written by a self proclaimed EU fan who says:

"When the COVID-19 crisis hit the Union, the Treaties did not change, but the political circumstances surrounding them did. Building on a Franco-German plan, the Commission came forward with a proposal for Next Generation EU (NGEU), to be financed through borrowing € 750 billion on the financial markets and primarily used as grants to Member States. In other words, the EU issues debt on a massive scale to finance itself. It does exactly what we thought it was prevented by the Treaties from doing.

I do not question the need of solidarity, but rather the legal techniques applied to deliver this solidarity.

Soon after the adoption of the Commission proposal, the Council website was updated and the reference to the prohibition of debt financing was removed. Apparently, constitutional change was about to take place, however, without a formal constitutional change."

Here, "legal techniques" is a euphemism for ignoring the law. Give it 20 years and Brexit will seem like a genius move, assuming EU loyalists haven't managed to undo it by then.


Probably overstated, but it's true that the EU gets arguably less democratic oversight than many governments.


Is it? I would rather say it is maybe too democratic. For an EU law to pass, both the EU parliament and EU council need to approve. So that means people vote for parties, that in turn are the EU parliament. Plus the EU council, which consists of the heads of all the EU countries. That is a double layer of democracy.

The only real difference is that EU gets very little media attention.


The EU has a language problem though. If there's a problem affecting Lithuania there's very little that voting can do to solve it. Lithuanians don't have an impact on the politicians voted in from other countries, because the politics don't overlap due to language. Lithuanian voters would have to convince German politicians, that campaign in the German language to German people, about Lithuania's issue. How likely do you think that is going to work?


How does it work in the United States? Let's say there's a problem affecting South Carolina. How would South Carolina voters convince Californian politicians about South Carolina problems? If convinced, what actions would Californian politicians take?


Problems that are affecting South Carolina will be spoken about in English. Californians will hear about it here and there. They can be seen as national problems.

Something like that doesn't happen in the EU. Every language is like an entirely different political sphere.

US presidential elections (and the party system) add another reason for politicians to care about what the voters in another state think. If Democrats look bad when handling an issue in South Carolina then it can end up costing them votes in other states too.


There are political groupings in the EU too


"National governments are responsible for implementing almost everything agreed by the Union members."

Well, so maybe the EU is not fairly lean, since they don't do any of the work the national governments are doing?

At least it is not an argument, that they have less employees than Sweden.


Well, ok. Let's consider the total number of employed people in the EU, around 190 million.

In the entire Union, about 16% of all employees work for the governments. That's 30.4 million people.

60,000 people work for the EU directly, which is 0.2% of the total. To put it another way, there are 500 national government employees for each one EU worker. Is this the tail wagging the dog? 0.2% is not even the dog's tail, it's a piece of hair on its back.


Every month, the whole parliament is moving from Strasbourg to Brussels and then back. That is not a sign of an efficient organisation, despite the fact that the numbers could be worse.

"To put it another way, there are 500 national government employees for each one EU worker."

And they simply don't have the same scope at all, so any direct comparison does not make much sense.

The actual work is done at the national level. They work on coordination, which is important, but very vague.


You think that’s inefficient? Look what happens when the US President goes to the U.K. for a funeral.


> The EU is in fact fairly lean given its scope and the number of languages.

Any reference on that? I used to work for EU and I never had this impression while there or never read about how lean the EU is.. would be interesting to know more about it.


I'm not saying there isn't waste. It develops in every large organization, public or private. (I sometimes wonder about people — Americans mostly — who want the government to vanish, but also complain loudly about how their phone operator, insurance company, etc. are the worst. What do they expect to happen if the private sector took over everything?)

The relative leanness of the EU is a result of its unique structure. It has almost no executive authority on its own except in specific transnational cases like antitrust where it can fine large corporations. On the level that citizens interact, everything is delegated to national institutions. It's nothing like the federal states that exist elsewhere. For example the US federal government employs almost 50 times more people than the entire EU system, yet EU population is 30% larger.


Ok, understand now your angle, thanks

> For example the US federal government employs almost 50 times more people than the entire EU system, yet EU population is 30% larger.

but is that comparison not like comparing apples to oranges? You should add EU system + Federal System from all countries together, to get a better picture, no?


Detractors claim the EU is massively invasive in every part of life, and massively inefficient.

Given how many it employs you can’t have both.


But the EU is not a government. It only does funding, almost nothing else. They are all administrators, members of committees, managers of members of committees and so on and so forth. The EU won't put out the fire in your house or send you a doctor. What's the purpose of comparing it to Sweden?

It is a different kind of organization, and there is no mechanism for EU citizens to assign blame to the EU politicians. Practical example: the EU handling of vaccines, with the EU leader still refusing to make public their messaging with Pfizer.

The 60000 people of the EU manage a 1 trillion budget. The budget for the 60000 people is 11 Billion/year. That's average spending 183333/person per year

https://eur-lex.europa.eu/budget/www/index-en.htm


183_333 per head is a lot in Romania, but pretty much in line with public administration spending in Belgium, The Netherlands, Germany and France where the bulk of the staff works.

This is not just salaries, but cost, including building, services, schools, pensions and god knows what.

P.S. As I noted elsewhere, if you want to voice your concern about eurocrats' pay, start with Ombudsman office. They spend much more per head.


ok, where do I voice my concern?


Here on the "Make a complaint to the European Ombudsman" page: https://www.ombudsman.europa.eu/en/make-a-complaint


> They don't have any supervision, no democratic vote

MEPs are voted in by their compatriots.


Can MEPs remove a commissioner?


No, the national governments choose the commissioner to send to the commission. A nation in the EU can recall its commissioner. The commissioner acts in the interests of the Government of the nation that sent them to the EU commission. The national governments of EU nations are all elected by their citizens so the commission is indirectly democratic. It is arranged like this because individual countries in the EU don't want to give up sovereignty to the EU parliament.


What if the commissioner is bought by other interest groups and does not represent the best interest of the people?


As stated above: the nation that nominated the commissioner can recall its commissioner.


And in addition to that, each new Commission also has to be approved by the European Parliament.


This is probably the biggest issue with having an executive which isn't formed by the actual members of parliament, particularly if that executive has powers that the parliament either cannot challenge by design or can't really challenge in practice. The EU commission really isn't democratic at all, and this is by design because of both the origins of the EU as a technocratic-economic project but also the EU parliament just sucks and doesn't really act like a parliament that governs. Because it doesn't really, the EU commission is the only thing people really talk about when it comes to the EU doing stuff. Sometimes the EU parliament will kick up a fuss but it's rare. The real fusses get kicked up in national parliaments.


It's arguably still democratic in that each country, through its EU commissioner, gets one vote and the power to veto unless they've given up that veto for a specific issue which is done at a summit of all the national leaders of EU countries by signing a further treaty. If a country doesn't like what is happening they tell their elected national government to do something about it then the commissioner acts on the instructions received from the national government. Going from admittedly hazy memory from back in 2016, commissioners have a fixed term, I believe, and a national government can recall their commissioner if they are not doing what they are told. I think the EU parliament can also veto legislation proposed by the EU commission, but cannot create its own legislation.

The things the EU commission can legislate are restricted by treaty, I've no idea what these restrictions are, something I suspect that I share with 99.999% of people in this thread.

So I would argue that the EU commission is less democratic than a directly elected EU parliament with the power to create any legislation it wants, but more democratic than say the House of Lords in the UK or the Supreme Court in the US where members are chosen by the elected government and can only be removed if they die, resign or commit some kind of heinous crime.


"each country, through its EU commissioner, gets one vote and the power to veto"

In theory yes. In practice not really. The EU has a long term goal of getting rid of veto and there's hardly anything left of it now. Also, even when votes take place they are often secret and there's no way to know how countries voted. Also the countries are supposed to nominate whoever they want as commissioners, but Juncker talked about how in reality there's a secret veto and the head of the Commission ensures they only get the Commissioners they want. We can infer that they get commissioners who are on board with their agenda and more loyal to the EU than their host nation.

To ensure that loyalty they have a lot of other tricks up their sleeve, like enormous "pensions" that are contingent on continuing to demonstrate loyalty to the EU after leaving the job i.e. they're not really pensions, they're bribes. They also pay much better than host nations can, and have a special tax deal such that they pay virtually no tax at all so their comp at the EU is sky-high compared to what they could get working for their own government.

So national control over the EU is really extremely weak in practice.

"The things the EU commission can legislate are restricted by treaty, I've no idea what these restrictions are"

Again in theory anything not delegated to the EU is controlled by the nations. In practice, again, that's not really true. The EU Commission is a master of reinterpreting the treaties to mean whatever they want, backed by the ECJ. For example corporate taxation is not delegated to the Commission. They fixed this by re-interpreting their powers to stop state subsidies as a general control over all corporate tax rates, by arguing that a tax rate lower than e.g. France was the same thing as a subsidy. Normal people know that a tax is not the same thing as a subsidy, but the ECJ disagreed and thus the Commission took control over corporate taxation across the EU without any treaty change.

That story has been replicated numerous times. Regardless of what the treaty authors thought the treaties said, the court is packed with judges who are ideologically committed to the EU as a project, and who will happily engage in judicial activism to extend its powers.


The House of Lords doesn’t actually have any meaningful role when actual decisions are being made.

And the Supreme Court justices have to be approved by the Senate. Of course you do have a point about them serving for life.


I mean, we sent Ursula von der Leyen as head of the commission to the EU who became infamous in Germany for rather having CSAM stay online as long as she could prevent Germans from seeing it…


Leyen is in favor of CSAM staying online? Do you have a source on that?

Are you sure you're not misrepresenting her views?


The debate was going on a bit like this: "We should force DNS providers to block CSAM!" Internet activists: "Maybe it would be a better idea to ask the providers hosting this stuff to delete it?" - "WE SHOULD FORCE DNS PROVIDERS TO BLOCK CSAM! THESE INTERNET ACTIVISTS ARE SUPPORTING PEDOCRIMINALS!" (completely ignore what internet activists said)


People were begging her/them back then to, as a first step, include a requirement to send some kind of deletion request. Nada. Their list of CSAM that were apparently undeletable (hence requiring internet blocks) were to a huge percentage deleted within days by Mogis (a German group of abused children against internet blocks) by simply mailing the provider where it was hosted.

So I’m not sure what other way there is to read this.


I'm baffled that you give that woman the benefit of the doubt who literally earned the nickname Zensursula with her hide-instead-of-delete antics in 2009.


> How can the same organization be behind this?

That's not specific to the EU. When it comes to national governments, each ministry/department often has conflicting goals. So, when digital issues are tackled by the Interior Minister, you get this type of law proposal, but when it's handled by the Digital or Justice Minister, it's (generally) a different story.


“We decide on something, leave it lying around and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back.”

- Jean-Claude Juncker 1999


"To protect the children" argument is the last refuge of a crook


Yes.

Though I would also add a lot of it was about growing protectionism, in response to the EU not investing enough in the internet and acting surprised when USA's investments puts its companies on top.


Are there any Europeans here that don't agree with where the EU/WEF/etc agenda are going? Sitting here in US, it appears to be homogeneously moving in ever increasing regulations and hamstringing progress, but I am sure there is a great deal of debate about it? Are there groups in EU that are pushing back?


Both pro-privacy and anti-privacy have one common theme - more power to the state.

And that's the point of EU bureaucrats. To gather as much power in their fight against both outside forces (e.g. US-based multinationals) and inside forces (member states).


You really think those various actors are part of one plot?

Also, this is a proposed, not passed, law. But you already have a conclusion about the whole org.


When this (as well as other similar laws) is pushed over and over again... I remember that saying by Juncker... We'll try again, and again, and again till it passes one time :)

I'm not blaming every single bureaucrat. But direction of the organisation is pretty clear. Just like I don't blame every Facebook worker, but direction of that company is pretty clear too.


It always seems like a bad idea to attempt a technological solution to a legal/social problem. Surely the age of people using services is purely a social issue - similar to not allowing alcohol to be sold to underage drinkers. This kind of law would be analogous to making a law that alcohol cannot be physically consumed by underage drinkers.


I don't think that's the analog. Nor is checking ID at a pub. The analog would be that any time two people speak to each other on the street or in a cafe, they should first present their ID to a surveillance camera and stand within earshot of a microphone.

[edit] The social argument for banning or restricting substances is also limited when it comes into too great a conflict with the social argument for tolerating individual choice. To even put the freedom to speak privately on the same plane as the freedom to take drugs is to abandon reason itself, not to mention hundreds of years of hard-won liberties and enlightenment. Anti-drug regimes are merely authoritarian. Anti-privacy regimes are totalitarian. There is a world of difference between policing action and policing thought.


I have a sudden urge to play Half-life 2 for some reason.


Agreed - that's exactly what they seem to be aiming for using the pretence of protecting children (I always thought that was for the parent(s)).


I think that's well put.

In an attempt to make "safe spaces" for all the state is becoming surrogate parents.

It's authoritarian and patronizing.


It's more politicians blaming technology for social problems. Ones that have existed before the internet.


> This kind of law would be analogous to making a law that alcohol cannot be physically consumed by underage drinkers.

We don't have a law like that in place for alcohol, but we do for any number of other substances.


Such as? I can't think of any examples apart from possibly child-proof caps on medication, but that is serving a slightly different purpose - safety rather than authoritarianism.


Heroin, cocaine, opium, marijuana, methamphetamine, MDMA, LSD...

Interestingly, the legal structure around these substances apparently avoids banning consumption, limiting itself to banning the obtaining or possession of the substance. But it's worth noting that consumption itself is also prohibited, just without a firm textual basis. For example, if you give birth in a hospital, you will be tested for the presence of illegal drugs in your bloodstream (your consent is not required for this), and if you test positive, your child will be automatically confiscated.


I was more meaning a technological intervention that prevented underage people from being able to use/consume something.

Controlled substances are controlled through a legal framework although admittedly, some of the precursors to drugs are also banned which could count as a technological block on making them.

I have never heard of a confiscated child due to the parent having cannabis in their bloodstream - have you any source?


I doubt that particular consequence applies to cannabis. It does apply to other prohibited drugs.


I have never heard of a confiscated child due to the parent having cocaine in their bloodstream - have you any source?



I think they were thinking of illegal drugs, which you generally can't possess. Maybe the act of consumption is not illegal per se, though, I'm not sure.


See side comment. As best as I can see, consumption is not "illegal", except that there are extremely severe legal consequences if any evidence turns up that you've consumed them. It remains to be explained in what sense that fails to constitute being illegal.


> except that there are extremely severe legal consequences if any evidence turns up

This is a bit of a sidebar, but what consequences? DUI, sure. But in Germany, where consumption (but nothing else, including possession; IANAL, not sure if someone holding a joint to your face to drag on counts as possession) of weed is legal I know of no direct consequences you’d face for having consumed marijuana.


"We"? Who? What EU legislature makes consumption of any substance illegal?


I'm so tired of it all. Countless times it has been tried to enact laws like this. And it's not just this surveillance law that depresses me, reading up on the cyber resilience act just feels to me like it will suck even more fun out of software development, at least in a professional context.


We just have to get used to this being an eternal political fight. There will always be politicians with a desire for control and/or a lack of technical understanding that will try to take control of people's communication in this way.

I guess the best way to counteract this is well funded institutions whose purpose it is to fight that fight for us. I'm using this realization as an occasion to make a donation to the EFF.


I just donated for the first time to the EFF after reading your comment.


> And it's not just this surveillance law that depresses me, reading up on the cyber resilience act just feels to me like it will suck even more fun out of software development, at least in a professional context.

God forbid people who love to use the title engineer will have to apply the rigour and standards of actual engineering to the work they do.


And be held responsible when implementing spyware, tracking and emission defeat devices?

That would be the day HN starts a revolt.


I had a horror of meeting some. Those can be, basically, put into two categories: 1) completely brainwashed (engineers aren't immune to that, unfortunately), 2) drowning in regret and alcohol (being hostages of the situation).


Or get a degree in engineering.


If software dev had been licensed and regulated this way we’d have only a tiny fraction of what we have now in terms of languages, OSes, tooling, etc.

There are specific areas where it makes sense but doing it broadly will just halt all innovation.


Two notes about that.

1) There are a lot of people doing engineering without a degree. One example: many makers are not engineers and they do a lot of good stuff anyway. What they don't do is taking legal responsibility because they are not allowed to. It's no warranty / no fitness for a purpose stuff. Similarly there is a lot of software with no warranty / no fitness clauses. History demonstrated that it's good enough to keep the world spinning.

2) Most people in the software industry do engineering jobs no matter if they have a degree in Computer Science or Software Engineering (I didn't check the USA name for that, sorry) or in anything else. I know very good software developers, maybe with an architect / engineer job title, with no degree at all or with a degree in Graphic Design or Philosophy or Agronomy. They moved to software development because they tinkered with their computers, wrote some programs and discovered that they are good at it. Nobody notices the difference after 5 or 10 years of work. The only downside is a little narrowness of expertise: they have many more unknown unknowns because nobody systematically told them what's there outside and how it works, even at high level. One example: that good software developer with the Graphic Design degree told me once that he doesn't really know how networking works. To him it's the configuration screen of his Mac and HTTP calls from Node.js.


> If software dev had been licensed and regulated this way we’d have only a tiny fraction of what we have now in terms of languages, OSes, tooling, etc.

It's starting to sound like a very good idea.

> There are specific areas where it makes sense but doing it broadly will just halt all innovation.

Or speed it by focusing efforts on well designed software.


Yea, like the Windows 9x days. The best days ever, for sure. The best days for a fucking disaster and a collapse of the Western economy in a matter of days if you suggested that turd.


I'm not sure this kind of comment adds to the conversation in any meaningful way.


Neither does making all "uncertified" software illegal. That's against the whole idea of free as in freedom software.

And thanks to that software we are talking seamlessly over the net.


> Neither does making all "uncertified" software illegal

facepalm who ever said that? Are you trolling or what?


An unlettered colleague 'engineer' doesn't really bother me, but my electricity supplier or dishwasher manufacturer sending one out...


>cyber resilience act

In my brief reading I don't see any problems or privacy implications stemming from it. What about it are you referring to?


This isn't in relation to either the chat control law or the cyber resilience act, I haven't read either proposal in enough detail to have a strong opinion on them. But I want to comment on the "sucking the fun out of professional software development" part.

Should we expect professional software development to be fun? There's a lot of laws out there which arguably "suck the fun out of" civil engineering, but I certainly appreciate the fact that there are standards in place to try to keep bridges, tunnels and buildings from collapsing.

Maybe it's not the worst idea in the world to have enforced engineering standards for the digital built environment like we have for the non-digital built environment, and treat it less like a playground where programmers can do whatever they want?

Just a thought, I don't have very strong opinions on this topic.


> Maybe it's not the worst idea in the world to have enforced engineering standards for the digital built environment like we have for the non-digital built environment

If you're building infrastructure control systems, sure.

But for software that "enable human-to-human communication"?

Do we have engineering standards for printing out pamphlets, teaching foreign languages, inventing board games, writing a song?


Obviously the standards should be in concordance with how critical the infrastructure is. I thought that went without saying. I'm just trying to ask if we should expect working on critical infrastructure to be "fun" and not burdened by regulations.


Yea, I wouldn't have a problem with that regulation if it would be applied to only these critical areas. But it seems that they want to apply this directive to all software that's sold in the EU.

To be fair, I haven't read the actual draft, just read some reporting about the implications for open source software.


It seems that application stores would only be a tiny fragment of what would be affected by the law. Basically everything involving facilitating communications between users would be subject to draconian surveillance and reporting requirements. This is not the way a free or open society progresses.


EU is neither free nor open. I'm saying this as a citizen of EU member. It's getting more and more pro-big-business and pro-big-government day by day. While citizen self-governance is crushed over and over.

Good example is Poland vs EU conflict for political control of judges. Meanwhile nobody bats an eye for existing political control of judges in my country. Here higher level judges have to be approved by parliament. Currently parliament speaker is a leader of a party that is trialed for corruption. This party is in ruling coalition as well. So the party that is in trial also makes a call who can work as a judge. Yet there's zero complaints about that :)


Personally I don't see how your example shows EU crushing "citizen self-governance" which sounds like a libertarian charged expression for "democracy". Could you elaborate please?


My example was more about EU bureaucrats looking for something else than rule-of-law and democracy and whatnot :)

As for exactly self-governance, IMO earmarked funding is the worst example. There're lots and lots of dumb investments that were made only to take „EU money“ (because somehow it's too hard for people to contact that it's our taxes). And other areas were neglected because there was no „EU money“ to take.

Watchtowers may be one of most in-your-face examples :)


It’s only bad if the judges are conservative ;-)


Where are you from, if I may ask?


Hello from your northern neighbour, Lithuania.


"The proposed Chat control EU law will"

If it's a proposed law then it should read

"The proposed Chat control EU law would"


Part of that sentence may have been elided. You could read it as "[If enacted] the proposed Chat control EU law will". That is not an uncommon construct.


Thanks for this comment. I would add restricting chat to 17+ people sounds utterly unfeasible considering how its use is widespread by teenagers of all ages.


At last, an optimistic comment.


Hopefully the Parliament and Council do their job and shoot it down, as they usually do with the average deranged Leyen proposal.


The EU is not very democratic - if they want to do something they will and there’s nothing that can be done about it.


That's not really correct. The European Commission might not be directly elected by EU citizens, but the members of the European Parliament are elected by EU citizens, and the Council of the European Union is made up of one minister from each EU member state. A law doesn't get passed without support from the democratically elected parliament members and the national representatives in the council.

It's also worth noting that the President of the European Commission is elected by the European Council (not to be confused with the Council of the European Union). The European Council is made up of the heads of state of the EU member countries (who are themselves generally elected).

Could it be more democratic? Yeah, sure, maybe the President should be directly elected by constituents rather than by heads of states. But it's not undemocratic, and after a law is proposed by the European Commission, the democratic process decides whether it should pass or not.

EDIT: Thank you for your comment though! I'm not in an EU member state, so I haven't really known about this stuff before (I'm just affected by the laws without being a part of the EU demos). Your comment prompted me to research how this stuff actually works.


In my opinion, for the EU to be really democratic, the Parliament, that we elect directly, should be able to have the same "right of initiative" (i.e. write laws, not just to approve them) as the Commission/Council.


> The European Commission isn't very democratic

The commissioners are appointed by the democratically elected government of each country, to push the agenda of the democratically elected government of each country.


Each layer of abstraction takes away choice in this model, and is indeed why Republics have Constitutions, among other reasons. The scope elected officials have is frankly too grand, resulting in positions where one wants to restrict your freedoms and lower taxes, and another wants to restrict your freedoms and raise taxes, and in many cases, the freedoms they want to restrict are the same freedoms -- and then when those freedoms of course are restricted, it's the "people" who voted for it!

And then to have elected officials that are elected by people who got in this way in the first place adds a whole layer of not having the interests of the public in mind.

Is it democratic, the way we normally think of the meaning of that word these days? Sure. Is it something we should take comfort in because of that fact? Personally, I lean toward "no."

Illusion of choice does a lot to pacify a population against tyranny, and the authoritarians are well aware of that fact after the last century or so.


Thanks, I was editing my comment as you wrote yours to add that detail. It's an important point.


Those two layers of abstraction make all the difference. Directly elected officials are particularly bad, imagine that.


Let me say it again: EU citizens elect members of the European Parliament, there is no extra layer of abstraction. And it's precisely the European Parliament which can do something about it if the Commission is proposing a bad law.


The main problem is that the European Parliament can't write new laws. There's no way to directly elect members that write laws. In every democratic country, you do.


I agree. It would have been better if a directly elected body could propose laws. Whether you consider the EU "not very democratic" is kinda subjective, but there are certainly strong arguments that it's not as democratic as it should be.

But "if [the not directly elected parts of the EU] want to do something they will and there’s nothing that can be done about it" remains incorrect.


How many democratic governments are there if "if they want to do something they will and there’s nothing that can be done about it" can be used as a filter for not democratic?

Not that there is anything good about this proposed law, mind you :(


As usual, people who aren't familiar with the culture of software write laws that restrict software. I sincerely hope this will just be a scare like Article 10 was, but it'd be much better that whoever these insane proposals are coming from could be stopped.


> people who aren't familiar with the culture of software write laws that restrict software

My interpretation is somewhat different - they are very familiar with software and how it works, but that familiarity appears limited to just the Apple & Android app stores.

A small amount of knowledge is far more dangerous than no knowledge at all.


Even the intention won't get any traction though - even if enacted defiance would be so widespread, if not total, (16 year olds no longer able to digitally communicate, come on) that it would be retracted or at least irrelevant.


Not a very good interpretation of the law, but I'm sure it gets a lot of traffic. The EU definition of online intermediation services specifies that a contractual relationship must exist. It's focused on businesses.

RPM repositories, apt repositories, pkgsrc, and so forth are therefore completely unaffected, as there's no contractual relationship between the providers and users.

Elementary OS, Flatpak, and Canonical's Snap store might have trouble here, and need to implement further controls to be compliant. But nothing is going to "outlaw open source operating systems."


Exactly my thought. It is hard to correctly read and understand laws (whether proposed or not). Especially if one is not a lawyer, any such commentary should be done extra carefully.


There are contractual relationships between the services and business users: the open source license agreements. These are legal agreements between the copyright holders and the distributors. Does that not fulfill requirement 2.2.c in EU regulation 2019/1150?


No, for a couple of reasons. Primarily the services rendered (i.e. the data in the packages) are not "normally for remuneration" (i.e. nobody is paying to access them specifically).

EU law is cloudier on whether a copyright license constitutes a contract. Under common law there has to be consideration for a contract. Not all EU member states require that, but enough do that I think they'd leave it alone.


Hot take, cites no legal opinion. My personal view is, this is a misrepresentation of the proposed act. The act may be bad, but this interpretation looks suspicious and hyperbolic.

I'd like to see cites, and counterparts.


Agreed. Unfortunately I find the European Pirate Party representatives the least reliable when it comes to reporting on privacy laws and similar. Which is pretty damning judgement considering what they see as their mission.



Says nothing relevant to me about software repository legal implications, and free software in general.

Says lots of other things about why it's a bad draft law.


I was trying to be helpful to give you starting point for the reading, as the page will give you a lot of links to deal with. Hopefully this helps you start reading about the topic and discover the actual legislation, links to it and form your own opinion if the draft law is bad or not.


No offense, but that just means the EU will no longer be compatible with FOSS. FOSS runs the world, and Europe will find themselves without software to run the majority of their systems.

Without FOSS? No Internet. No business. No nothing. You'll have maybe 2/3rds of what ships in Windows and less than half of OSX. Oh, and no Ingenuity, which iirc was a joint NASA/ESA project.


It will mean every server will have to use Microsoft Windows..... Thus, handing over all control over the EU networks to 1 American company.


Nope, Windows Server would be illegal in Europe. Microsoft ships too much non-trivial FOSS software in Windows now.

There is no major OS that they can run, nor can they develop for it (the act of installing GCC or LLVM would now be illegal, for example).


I'm pretty sure Microsoft could compile software in the US and export it without the compiler.

Other issues could be solved with a Microsoft Windows 11 EU Edition that only allows programs to be installed from the Microsoft store.


FOSS is shipped by Microsoft on the Microsoft store. It, too, would be illegal.


Microsoft can simply ban FOSS from its store.


It doesn't seem to actually go this far -- it means however that any repository for this free software, which can be obtained from the open repositories around the world, would need to have age verification in place. Meaning that in order to access all of this FOSS, there would be the cost of providing this filtered redistribution service. However it doesn't seem to suggest anyone would be afoul of the law for using a VPN to access it for themselves, likely undermining whatever funding model that service was providing.

It's frankly patently absurd all around.

The one amusing point though I suppose is the fact that Microsoft owns Github, and so while many repos could go ahead and say fine, we don't do business in the EU, Microsoft itself would be the company most impacted by this, as they would need to add in age verification for Github, not really having the easy option to just write off the EU as a bunch of technocratic lunatics.

Furthermore, it gets interesting when we consider cloud computing -- if a child has an AWS or Azure VPS, does this mean the cloud provider must do age verification before providing access to distribution provided repositories? There aren't many kids that are using text based protocols, and probably even fewer that are using finch's discord plugin to access perhaps a more popular platform among youth, but at the end of the day, these are provided.

And then there's the whole matter of web based IRC or other chat services.

Really, did they think about this at all?


It is almost impossible to obey this law. It shows how uninformed the EU lawmakers are when it comes to technology.


Do you really think they are this stupid? Or just trying to control the public opinion?


We need to stop electing people into office who are a generation behind the rest of the world. In the US we’re (re-)electing octogenarians. In the EU it seems the average lawmaker is 10-15 years older than the average citizen. Experience is commendable, but it’d also be great if the people legislating our future lived in our present instead of our past.

You can’t buy a house working full-time at Sears anymore grandpa. No grandpa, I don’t just have a 20% down payment saved up for that 360k house. The average citizen pays more for a loaf of bread, some Kraft singles, a dozen eggs, and a can of beans than they make in an hour.


The European Parliament (Who appoints the commission) has an average age below 50.

There are certainly problems with electing too old people in some representative bodies. The US congress is one example, while the European Parliament isn't.


The Commission isn't elected.


Only few big players will obey this law. Maybe that's the point EU lawmakers were going for...


Other than open source stuff I don't see what would be hard to comply with it. Most people use Windows, Gmail and Android or iPhone. At least half of those already do most of what this law would ask.


It seems hard to comply with because any software repository and app store falls under this law and the EU cannot control who uploads a chat app on one of these. At least people from non-EU countries will continue to develop and upload chat apps with full end-to-end encryption and without age verification. So essentially this proposed legislation seems to make all software repositories and app stores illegal, which makes it hard to enforce and comply with.

My guess is that the EU would impose fines on repositories and app stores if they contain such apps and try some ostensibly silly IP geo-blocking, and people in the EU would continue to download and use these apps.


> At least people from non-EU countries will continue to develop and upload chat apps with full end-to-end encryption and without age verification.

You're making it sound more trivial than it would be in practice. Google and Apple would promptly block access to those apps to EU citizens. Android users could still sideload apps but it would likely kill adoption without a massive cultural shift towards valuing privacy.


So pacman or apt over I2PD.


Seems high time for some civil disobedience. Break the law collectively, let them seek to enforce their ridiculous/draconian laws and explain the knock on effects in court.

Alternatively, open source projects that may be affected can withdraw access to their sites and source code and cite the law. Hopefully they forked the code already and don’t need any future updates.


>Seems high time for some civil disobedience.

First time ACTA was presented there were protests mostly in Poland. 2nd time it was presented there were protests in Poland, Czech and Germany. 3rd time... it just passed. No one cared to protest again.


Unfortunately, small guy gets a pass but medium/large businesses have an ever increasing difficulty in operating in EU. This might sound like a positive thing but it is tremendously troubling. Corporations employ a lot of people and if they leave, EU would see poverty like never before.

I was involved in GDPR laws and lot of small biz in EU straight up do not follow GDPR and the chances of getting fined in EU courts is pretty negligible. But, if you're a 500 employee company, you're going to have to maintain an army of GDPR consultants and attorneys at your disposal to keep in compliance.


And ... it is gone from the front page.

HN is explicitly not the place for political activism of any kind, however justified the cause, just remember that, then you are not enraged by it.

And my general point on this is: I'd like to see them try.

It likely will get softened up quite a lot, but if they really go through with it, they will turn lots of technical (or just privacy concerned) people into criminals overnight. Good luck with that. I live in the EU, but I certainly would not comply to any of this. And if Signal will automatically upload images from me, then I will use 100% open source and decentral solutions like Matrix based ones. Might turn out good for that.


We downweighted it because this topic has had lots of discussion [1] and the current article didn't seem to contain significant new information [2, 3].

It's possible that was a wrong call; I didn't look closely at the article. If you or anyone feel strongly about a case like this you should email us at hn@ycombinator.com and make an argument for why the article and thread are worth re-ranking.

[1] https://news.ycombinator.com/item?id=34608595

[2] https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...

[3] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...


"If you or anyone feel strongly about a case like this"

Well, I do feel strongly about this case, but I know and respect, that your main motivation here, is providing a place for interesting debates and political activism often just leads to lots of rants and blowing of steam. So I would appreciate it, if topics like these sometimes are visible, so more people are aware of the topic, but I can live with the downranking of this specific article (especially since it was a bit hyperbole).


Thanks for the unusually nuanced reply :)

This is on the front page today - on the same topic and from the same source:

Stop the proposal on mass surveillance of the EU - https://news.ycombinator.com/item?id=34626395

I don't know whether that article or this one would have been a better fit for HN but it's clear that there's community appetite to discuss this.


Have recently found this to view HN: https://hckrnews.com/, a "chronologic list of items that have made it onto the Hacker News homepage", by homepage I presume the first page.


"They" are in a dilemma, they either go total global control or they lose control. And it's clear they are going with the former.

This is just one more law that makes no practical sense even if the intentions were noble. The WHO treaty, CBDCs, and digital IDs are all in the pipeline doing much the same.

With the real-time, global, instant communication network that is the internet, "their" ONLY hope to retain control at scale is to use AI/Software and essentially force everyone to obey a computer.

They will fail, that's the good news. Mostly because of entropy - that is to say, it is far cheaper and easier to disable a structure than build it up. A $2B data center can be disabled by a fire or a virus. A "too-big-to-fail-bank" can disappear overnight when customers close their accounts.

The reason those don't happen normally is because people are mostly good, happy, and trusting. Once the trust is gone, there is anger, and self-interest trumps good-intentions - that's when the entropy and "Black Swan" events really kick in. I recommend Joseph Tainter's The Collapse of Complex Societies for how such processes have repeatedly taken place throughout history.

The bad news is that they are going to try and force total control through anyways, so get ready. Nobody can predict how it's going to unfold.


China is far ahead on that curve, and so far nobody is burning data centers or closes bank accounts.


No but culturally they are much more obedient there. China has never known a free society.

And even there civil disobedience is growing, the CCP had to rapidly reverse its COVID policy to retain control.


Patrick Breyer (Member of EU Parliament for the Pirate Party) maintains an overview of all the ins and outs of the Chat Control legislation and things you can do to protest against it.

https://www.patrick-breyer.de/en/posts/chat-control/


All the Europeans who constantly deride Americans for their government and laws, where are you on this? This is more egregious than not paying for doctor visits IMHO. You have to be 17 to talk to another human being on the internet? Anyone who hosts an application for download must verify user identity? This is absolutely nuts.


Something worth thinking on. It’s oversimplifying to say that this is merely a case of bureaucratic greed for power (which seems to be the main theme amongst comments).

Kids are being harmed and are harming others online. Parents (imperfect as they may be) have far less ability to intervene than they do in physical spaces. Technologies (and technologists) are a major cause of this autonomy.

If we build technology that leads to harm, it increases the chances that a law like this is passed. Doesn’t matter if we meant to. The primary role we have to prevent legislation like this is to think creatively on how what we build can help create a better world in many aspects that are largely overlooked. Otherwise we’re feeding the political capital of bills like this.

Want to preserve the current internet? Don’t settle for the current societal impacts. They’re unacceptable and politicians will have to respond, and will do so the only way they know how.


No law can censor a distributed system. ChatControl, so while surely large platforms would LIKE such law while little competitors would not, P2P/distributed networks of FREE software, not mere open source "commercial" services, would not be affected.

It's about time to understand two things:

- Open Source is a way to solve the unsustainability of proprietary software AGAINST Free Software;

- Surveillance and censorship can be only defeated by the People rising and imposing their will.

The first is obvious to anybody who knows a bit of actual state of things in IT land, the latter is unlikely since most people are grown without knowing the meaning of freedom.


How hard is it for repos to just "not do business in the EU" -- especially those that are donation funded in the first place? It's been awhile since we saw the amusing maps drawn by the Pirate Bay pointing to the big pond that separates where the law is enforceable and where the servers are. Perhaps it'd require IP range blocking, but honestly, if there's no ads or any business being done in the EU, even that seems unnecessary -- the EU can take the trouble to block them if they like.


With the use of VPNs, it's almost impossible to prevent someone in the EU from accessing a service.


Is there anything preventing the ban of vpns?


Well, an outright ban would make most corporate business in the EU impossible, which is why China hasn't even gone this far. I guess you could go ahead and try to ban VPNs for private use, but frankly my suspicion is that this would not be easily enforceable, and on top of that would be easy enough to get around using a "poor man's VPN", ie, ssh -D. Going down the rabbit hole further, banning ssh would still leave the door open for things like stunnel, socks, or heck, even just http proxies.

At some point you're asking to just change the way networking works in the first place. All to stop kids that can drive a car and meet strangers in person from chatting with strangers on the Internet.


Presumably that would lead to also banning https and encrypted traffic entirely. It's trivial to set up a VPN that looks just like https traffic.


Related:

Chat Control: The EU’s CSEM scanner proposal - https://news.ycombinator.com/item?id=34183772 - Dec 2022 (3 comments)

EU chat control bill: fundamental rights terrorism - https://news.ycombinator.com/item?id=31416599 - May 2022 (5 comments)

Chat control: EU Commission presents mass surveillance plan on May 11 - https://news.ycombinator.com/item?id=31329368 - May 2022 (323 comments)

The latest EU plan to outlaw encryption and introduce communication surveillance - https://news.ycombinator.com/item?id=29308617 - Nov 2021 (251 comments)

EU interior ministers welcome mandatory chat control for all smartphones - https://news.ycombinator.com/item?id=29200506 - Nov 2021 (59 comments)

EU Chatcontrol 2.0 [video] - https://news.ycombinator.com/item?id=29066894 - Nov 2021 (197 comments)

Messaging and chat control - https://news.ycombinator.com/item?id=28115343 - Aug 2021 (317 comments)

EU Parliament approves mass surveillance of private communications - https://news.ycombinator.com/item?id=27759814 - July 2021 (11 comments)

European Parliament approves mass surveillance of private communication - https://news.ycombinator.com/item?id=27753727 - July 2021 (415 comments)

Indiscriminate messaging and chatcontrol: Last chance to protest - https://news.ycombinator.com/item?id=27736435 - July 2021 (104 comments)

IT companies warn in open letter: EU wants to ban encryption - https://news.ycombinator.com/item?id=26825653 - April 2021 (217 comments)


Tangential, but it appears this submission has been pushed off the front page despite being only 2 hours old with 184 points, which seems unusual?


The contents of the proposed law can be accessed here:

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...

All of it is as bad as it sounds, but you can search for Article 7 to go directly to the surveillance bit.


> REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

> laying down rules to prevent and combat child sexual abuse

Ah yes the tried and true "will somebody think of the children!" excuse to pass some tangential fascist laws without actually doing anything to help children in any way.


The right way to respond to this is to launch a detailed EU petition about it – the EC parliament is fairly open and previous petitions with a large number of signatures have, unlike perhaps other countries, effected a change in policy, e.g. on the use of neonicotinoid pesticides ("save the bees") which are banned in the EU after much action [1].

Mullvad – or someone similar – should therefore really create one. I can't find anything relevant. Details here: https://commission.europa.eu/about-european-commission/get-i...

[1] https://europa.eu/citizens-initiative/initiatives/details/20...


Most of the EU is against chat control. You can find some polls here

https://www.patrick-breyer.de/en/posts/chat-control/


There is absolutely nothing good about this law, and it really will be a disaster if it passes.


On "[*] To define a software application store the law makes a reference to the EU Digital Markets Act, Article 2, point 12 which defines “virtual assistant”. What they actually mean is point 14, which does define “software application store”."

Is any package manager defined as "software application store" ?

reference: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A...


We have had physical mail for millennia, and yet I can still go send stuff completely anonymously.

Before adding these insane restrictions for sending messages online, maybe these politicians should first force people to identify themselves and prove they're over 17 to send a letter? See how well that goes


If the article is accurate, this may be stupider than the Australian anti-encryption legislation.

https://proton.me/blog/australia-anti-encryption-law


Let's hope that it will be amended precisely in order to let open source projects (and their users) live.

And if you are a EU citizen, please contact your MEP about it.

It's not voted yet. It's still time.


The proposed law needs to be scrapped completely. The whole thing is bad, all it’s got going for it is the claim that they’re going to “protect the children”.


Yeah in itself that's a red flag.


I'm curious to know how likely this is to pass. EU laws are proposed by the council, but passed by the (much more representative and democratic) parliament.

The EU has fairly good form in terms of passing common-sense tech laws (see; GDPR) so I'd be skeptical that this is any more than a dumb proposal destined for failure.


Laws are proposed by the Commission, not the Council.

The Council and Parliament work like different chambers in the EU system, kinda like the Senate and the House in the US, but it's the prerogative of the Commission to propose new laws.

Elections work similarly in any European parliamentary system. Prime ministers are also indirectly elected in those systems.

The main difference is that the executive (the Commission) is the only one that can propose laws in the EU, but the other EU lawmakers can still amend legislation.

(just stating this for people reading the comments, not specifically for you)


You're right, my bad. Either way, laws proposed by a small subset of indirectly appointed politicians.

They're approved by a much larger body of directly elected MEPs. That hasn't happened, yet. I'm interested to know how likely that really is.


I agree with you, but outcries as these are needed to make it clear how bad the law is.


Don't underestimate the desire of regulators to get more and more power.


Seems to me it'll also ban package libraries like pip, npm.


EU tech law seems to be a bit of a rollercoaster. GDPR was conceptually a great thing (although its actual implementation smacks strongly of boomers with filofaxes ranting about FaceTok and Google Siri), the right to repair is good, the USB-C thing is useful. The cookie permission thing didn't work though.

It's sad to see the EU now joining the "let's use child abuse as an excuse to steal the internet" bandwagon. The UK Government has been doing this for years, and is trying it right now with the Online Safety Bill. I never know what to think of the motivation behind this stuff. Is it a well-meaning but naive attempt to protect the vulnerable, or is it the establishment desperately trying to destroy the threat posed by open communication and the empowerment of individuals?


The problem with these directives is that they have to be codified into national laws. This takes a long time and is a complicated process. It seems much easier to enact them than to take back mistakes.

That alone seems to guarantee an authoritarian future or, at least, a bureaucratic nightmare in the long term. A small mistake here or there might appear to be harmless (e.g. cookie permissions), but what about the cumulative effects 50 years in the future?


Why do you think GDPR is some boomer with filofaxes thing?

I'm young enough to be born at about the introduction of the original Mac and have worked with ecom for a long time now and GDPR from my perspective is an excellent law with the exception of some lacklustre enforcement.

Our clients all cleaned out their already collected data, they implemented deletion, and extraction/change-on-request by customers, they limited their tracking and data collection among many other things.

Not only was it an immediate privacy win for their customers, it made further development easier because we did not have to deal with as much data, and it also protects the clients in the event of a data breach since there is less customer data to lose.


"Why do you think GDPR is some boomer with filofaxes thing?"

I handle the GDPR compliance for my company so I've had to get stuck into the topic. Once you start actually trying to apply the various definitions and rules to the real world, they quickly break down. Examples:

1. The core concept in GDPR, personal data, is defined sloppily: "data relating to an identifiable natural person". It doesn't work because "relating to" is a hand-wave. Your name is obviously personal data, but (according to mainstream legal interpretation) so are IP addresses, despite the fact that people do not have IP addresses, network interfaces do.

2. Personal data is not defined in terms of the context in which it appears, which is crucially important. If I have the text "John Smith" in a database in a column called "name" and it actually relates to a person called "John Smith", that's clearly personal data. But what if someone uses my platform to spin up a VM with the hostname "johnsmith" - is that personal data? According to my lawyers, the answer is "maybe". I know lawyers have a tendency to be like that, but the law itself shouldn't leave the question open.

3. The construction of the law is poorly thought-out and leads to silly contradictions, e.g. if you have someone's personal data and you are told to stop processing it, you must stop processing it. But storage, erasure and transmission are all classed as processing, and it's logically impossible not to do at least one of these things.

All that being said, I'll repeat that I fully agree with GDPR's objectives and I think its real-world impact is positive. I just wish more people who understand how computers work had been involved in drafting it.

EDIT: embarrassing punctuation mistake.


> so are IP addresses, despite the fact that people do not have IP addresses

And car registration numbers and passport numbers and street addresses are also personal identifiable information despite the fact that people do not have those either. Just like IP addresses. This is a good thing.

> Personal data is not defined in terms of the context in which it appears

This is a good thing because it closes a dozen loopholes and allows good-faith actors to remain on the right side of the law without much effort.

> if you have someone's personal data and you are told to stop processing it, you must stop processing it. But storage, erasure and transmission are all classed as processing, and it's logically impossible not to do at least one of these things

This just shows a poor understanding of the law, or you are just hand-waving things you have no knowledge about. This is not how the GDPR works. At all.


> And car registration numbers and passport numbers and street addresses are also personal identifiable information despite the fact that people do not have those either. Just like IP addresses

The analogy doesn't work. A passport number is always "of" a person, because passports are issued to people. An IP address is often (even usually, for IPv4) far removed from an individual. Also see M95D's response above: "no it's not". You're confident that there's a good reason why an IP address is personal data and he's confident it's not personal data. This is what I mean when I say it's a poorly-written law.

> This is a good thing because it closes a dozen loopholes and allows good-faith actors to remain on the right side of the law without much effort.

Fair enough; in my opinion, ambiguity and hand-waving in legislation is too high a price to pay, and is also unnecessary. It's literally their job to codify the rules rigorously.

> This just shows a poor understanding of the law, or you are just hand-waving things you have no knowledge about. This is not how the GDPR works. At all.

I know my example isn't a real contradiction (and see also M95D's response in which he points out how the rules actually apply). I'm giving an example of language and terminology in the law which is on its face confusing and sloppy.


> 1. The core concept in GDPR, personal data, is defined sloppily: "data relating to an identifiable natural person". It doesn't work because "relating to" is a hand-wave. Your name is obviously personal data, but (according to mainstream legal interpretation) so are IP addresses, despite the fact that people do not have IP addresses, network interfaces do.

No, it's not, unless you have logs or database records that link the IP address to a person (such as a login from that IP). And I bet you do, that's why it bothers you.

> 2. Personal data is not defined in terms of the context in which it appears, which is crucially important. If I have the text "John Smith" in a database in a column called "name" and it actually relates to a person called "John Smith", that's clearly personal data. But what if someone uses my platform to spin up a VM with the hostname "johnsmith" - is that personal data? According to my lawyers, the answer is "maybe". I know lawyers have a tendency to be like that, but the law itself shouldn't leave the question open.

Users can leave data that identifies them in various places. Sometimes they do it intentionally, sometimes not. It's your job to warn them and obtain consent.

> 3. The construction of the law is poorly thought-out and leads to silly contradictions, e.g. if you have someone's personal data and you are told to stop processing it, you must stop processing it. But storage, erasure and transmission are all classed as processing, and it's logically impossible not to do at least one of these things.

In this case, removing data is a legal obligation you have. Processing data (by deleting it) to obey law is one of the exceptions in GDPR (art.6/1./c, and also art.17/3./b). https://gdpr-info.eu/art-6-gdpr/ https://gdpr-info.eu/art-17-gdpr/


> No, it's not, unless you have logs or database records that link the IP address to a person (such as a login from that IP). And I bet you do, that's why it bothers you.

Nope, the scenario in which this came up for me was about keeping IP addresses in a blacklist in a firewall. No logs or linking or anything.

> Users can leave data that identifies them in various places. Sometimes they do it intentionally, sometimes not. It's your job to warn them and obtain consent.

If it's my job to obtain individuals' consent to process their personal data in contexts where they have no business putting personal data, the law is poorly-designed.

> In this case, removing data is a legal obligation you have. Processing data (by deleting it) to obey law is one of the exceptions in GDPR (art.6/1./c, and also art.17/3./b). https://gdpr-info.eu/art-6-gdpr/ https://gdpr-info.eu/art-17-gdpr/

Thanks for the info and links, that's genuinely useful. For the record I know my example isn't a watertight logical gotcha; it's an example of how GDPR's language is (IMHO) imprecise and unhelpful.


GDPR is a light turned on that illuminated all the shitty behaviour that was "best practices" taking place in the darkness.

It's no surprise that Zuck and co spent billions opposing it.


I’d be interested in the data and studies backing the thesis that legal, indiscriminate, indefinite wiretaps are effective at controlling human trafficking.


Wouldn't this also make Github illegal?


As a European: good luck with that/buena suerte con ello. It won't last long.


Will this also spill all over the world like cookie banners? That would suck...


And this has now been removed from the HN front page for some reason. :/


We downweighted it because this topic has had lots of discussion and the current article didn't seem to contain significant new information. More at https://news.ycombinator.com/item?id=34615789.


How about an HTTP header where it would fill the cookie consent for me? :)


I was about to write a knee-jerk comment about how short-sighted the EU law is, but then I stopped and rethought.

EU (and India) are fundamentally trying to strengthen their local economies and sever their dependence on US based entities. I could disagree but I think it’s really important to understand that these are sovereign nations with dedicated think tanks.

Policy decisions like this are debated and then enacted. It would not be surprising if the coverage of Open Source software repositories is not accidental, but actually a very well thought nuance because truth is that nearly all big Open Source entities are US based! In the eyes of the policy makers, The “big tech problem” may not be limited to commercial for-profit entities and arguably more relevant to open-source which is where EU is betting its future on.

However absurd it may seem to an open source activist, it may not seem absurd for a policy maker to consider that open source stewardship should have an independent EU chapter as well that answers to EU policy and abides by the local laws. It may not happen on day 1, but policymakers of such wide ranging laws like the Digital Markets act, think more in decades, than years.

TL;DR - Interesting interpretation is that Digital Market act purposefully covers all “big tech players” - commercial or open source. In the eyes of EU policy makers Mozilla, Apache and Debian foundations could very well be as “US controlled” and “strategically important” as commercial entities!

(disclaimer: I work for a large corporation, but this comment is my own 1am thought!)


The GPL is bound to the Berne Convention of Copyright. Crap out the GPL on incompatible licenses, watch the entire EU industry collaboration collapse overnight.


Can't wait for a cookie banner when I speak to my mom on whatsapp

Public money well spent!



